> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onyxiq.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate with OnyxIQ

> OnyxIQ uses session-based auth. Sign in at onyxiq.in/login and your session cookie authenticates all API requests automatically from the browser.

OnyxIQ authenticates users through a session cookie set at sign-in. There are no API keys to generate or manage — your session is the credential. This keeps things simple for web users and still works for direct API integrations when you pass the cookie explicitly.

<Tip>
  For most use cases, the web dashboard at [onyxiq.in/products/openclaw](https://onyxiq.in/products/openclaw) is the easiest way to use OnyxIQ tools. Raw API calls are intended for developers building integrations or automations.
</Tip>

## Signing in

Go to [onyxiq.in/login](https://onyxiq.in/login) and sign in with your email address and password. After a successful sign-in, a session cookie is set in your browser automatically. All subsequent requests from the browser include this cookie without any extra steps.

## Authenticating API requests

Every protected endpoint — including `POST /api/openclaw/scrape` — requires a valid session cookie. In the browser, this happens automatically. For server-side or command-line requests, you need to copy the session cookie from your browser and pass it explicitly.

To find your session cookie:

1. Sign in at [onyxiq.in/login](https://onyxiq.in/login).
2. Open your browser's developer tools and go to **Application → Cookies**.
3. Look for a cookie named `sb-<project-ref>-auth-token` on the `onyxiq.in` domain.
4. Copy its value and include it in your request's `Cookie` header.

```bash cURL example theme={null}
curl --request POST \
  --url https://onyxiq.in/api/openclaw/scrape \
  --header 'Content-Type: application/json' \
  --header 'Cookie: sb-<project-ref>-auth-token=<your-session-cookie>' \
  --data '{"url": "https://example.com"}'
```

## Error responses

### 401 — Not signed in

If you send a request without a valid session cookie, or if your session has expired, the API returns a `401` error.

```json theme={null}
{
  "error": "Authentication required"
}
```

Sign in again at [onyxiq.in/login](https://onyxiq.in/login) to get a fresh session cookie, then retry your request.

### 402 — Insufficient credits

If your account does not have enough credits to complete the requested action, the API returns a `402` error. No credits are deducted.

```json theme={null}
{
  "ok": false,
  "status": 402
}
```

Top up your balance at [onyxiq.in/credits](https://onyxiq.in/credits) and retry.

## Endpoints that do not require authentication

The contact form endpoint (`POST /api/contact`) does not require a session. All product endpoints, including OpenClaw, do require authentication.
